Wednesday, December 15, 2010

Windows 7: HOSTS File

When you type in a Web address such as www.example.com into a browser, the application contacts a DNS (Domain Name Services) server looks up the DNS name and translates it in to a numeric IP address. When Windows does a DNS lookup it first checks a file called HOSTS which is like a mini-DNS server before it checks the regular DNS server.  This file is a legacy technology from the past, but its left in the OS for backwards compatibility.

This file is a popular target of malware, which tries to use it redirect traffic from real sites to phishing sites to steal your personal information. The file is located in the following directory C:\WINDOWS\SYSTEM32\DRIVERS\ETC, and the file name is HOSTS with no file extension.

Note: Lines with pound signs (#) are comments.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

No comments: